Two security researchers from Black Hat this week revealed a method by which a MacBook can be broken into and taken control of. In fact, the intrusion method operates at such a low level that even firewalls and anti-virus applications can't help. The method relies on flaws in wireless network driver design, which allow an attacker to remotely bypass the security of Apple's MacBooks -- and MacBook Pros -- and their operating system.

Jon Ellch and David Maynor from Black Hat say that drivers for Apple's notebooks are developed not in house, but outside using contracted development companies. Ellch says that these developers are often under heavy pressure from higher management to deliver working drivers so that companies can rush out products to market. Under circumstances like this, drivers for devices such as wireless network processors enter "the wild" in an untested state.

However, Maynor said that "we're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something." Maynor notes that many of Apple's commercials claim that Macs don't suffer from the same security vulnerabilities that PCs do, but in fact they do.

The team at Black Hat demonstrated that they could circumvent the Wi-Fi security and OS-level security in a MacBook and, within just 60 seconds, take complete control of the machine. Black Hat demonstrated the technique through a pre-recorded video to prevent anyone from intercepting the wireless network traffic to deconstruct the attack and release it elsewhere. Black Hat said that it has been in contact with both Apple and Microsoft, because the vulnerability exists on both sides.

Comments

He was reasoning well but not quite enough - he still has to answer the question from me and phatboye about what worth is NT security if it encourages users to live as admins. TomZ, don't pay attention to zealots like maxusa and nunya, forums are full of them, so please don't disappear, we have interesting discussion here with you and phatboye ;-)

> "he still has to answer the question from me and phatboye about what worth is NT security if it encourages users to live as admins."

Pirks, normally you're on target, but in this particular case I think you're wrong. Non-admin access for day-to-day usage is a useful tool to aid security, but it's not a hard and fast requirement. At some point on any OS, you *have* to log in as admin...and if your system isn't secure then, you're still in trouble.

In other words, I feel the "don't run as admin" is just a bandaid designed to hide the real problem. If you can be attacked while running admin level privileges, you have a real problem. Fix the problem...don't hide it by running as a lower-level user.

quote: I feel the "don't run as admin" is just a bandaid designed to hide the real problem. If you can be attacked while running admin level privileges, you have a real problem. Fix the problem...don't hide it by running as a lower-level user.

That's one thing any Unix admin will laugh at. By your logic then if there are POTENTIAL vulnerabilities in OS kernel, then they are not worth hiding? In other words another layer of protection that mitigates potential FUTURE vulnerabilities in the OS core is just a band-aid? You definitely know that no OS can provide 100% problem free environment and any reasonably big OS always has its share of holes. But you still argue that as OS codebase grows in size (together with probability of discovering potential new holes) then thinking up new defence mechanisms is a waste of time, 'cause they are just a "band-aid"? This is a cornerstone difference between modern NT and Unix users. NT does not encourage users to run as limited users while Unix in general encourages it. If Unix limits its own potential exploitability by imposing serious restrictions on users - I can't call it band-aid, sorry.

And the most serious argument comes not from you and me, it comes from Microsoft developers who added this "band-aid" to Vista. Did they do this to patch (or mitigate the effects of) the potential future holes? Yes. Is that good? Yes. Can we disagree on how to call it? Sure, you can call it "stupid sticky patch" or anything, but the actions of Microsoft who was lagging behind Unix in this area and now at last decided to add it to Vista speak for themselves.

By calling this feature "band-aid" you call MS developers stupid, masher. And they are not stupid, so I'll always disagree with your definition. I'm pretty sure they planned UAP a long time ago 'cause they saw what happens when virus takes control of PC from the root account. I think limiting user was obvious, but they just underestimated virus threat, otherwise they'd impose same heavy restrictions on NT root access as Unix does. Would it make users life easier? Nope, rather the opposite. Would it mitigate current wave of virii and malware? Yes, I'm sure malware would not disappear, but it surely would be less harmful.

> " But you still argue that...thinking up new defence mechanisms is a waste of time, 'cause they are just a "band-aid"? "

I think you misunderstand me. I agree that running non-root access for day-to-day activity is a good thing. I disagree though with the implication that encouraging (or even enforcing) this behavior is the sole metric by which you judge system security. It's just a tool...a useful one true, but only one in a large toolbox of other possibilities. A system that doesn't "encourage" such behavior can easily be more secure than one which does. There's a huge number of other factors at work.

Personally, I've run admin-level access 24x7 on every machine I've ever owned-- Windows, Solaris, Linux, and a few others. I've been using computers 25 years now, and never gotten a single virus. So the technique is, while useful, certainly not a hard and fast requirement for a desktop user.

quote: I think you misunderstand me. I agree that running non-root access for day-to-day activity is a good thing. I disagree though with the implication that encouraging (or even enforcing) this behavior is the sole metric by which you judge system security.

Now you probably misunderstood me - I never said this metric is a sole metric - nope, it's not and yes, there are other important metrics. My argument was that it is important enough that it got such a serious attention from MS with all the initial bad press surrounding introduction of UAP, and the most important - with zillions of old school home users that inherited old "I'm root" ideology from DOS/Win9x/NT/XP times. So while you are right that the limited user functionality is not the sole metric of system security (I've never stated otherwise) the fact that "every home user can be root" idea slipped into NT from the DOS world and was not eradicated until Vista. Countless malware, a lot of bad press and bad reputation was earned as a result (just watch those Mac commercials and tons of stupid users complaining about how their PC was infected).

I'd say this one turned out to be not the most important metric but rather the one that got the most bad press, BOTH when users were suffering from its absence AND when it was first introduced in Vista betas. Now compare this situation with a possible alternative - if MS took Unix as example to follow (as Apple did) and then forced every user to live with the notion that he/she can't be root all the time, and forced ISVs to comply with its software development guides by doing necessary checks and maybe printing warning in Visual Studio, providing ready templates, I mean stuff Apple routinely does with its XCode.

What would have happened then? MS would introduce more secure system earlier, malware did less damage, it'd be harder to overtake the whole PC... but the transition to NT would be harder for DOS users, who could have flooded support lines with cries for help finding that mysterious System Administrator. So I'm not sure which way is better, I was just saying MS didn't pay attention to that and pays for this now. It could have paid earlier by introducing UAP in 2000 or so.

quote: I've been using computers 25 years now, and never gotten a single virus. So the technique is, while useful, certainly not a hard and fast requirement for a desktop user.

Well, I stopped getting virii when I switched to OS/2 2.0 in 1995, however if I see MS introducing this UAP thing into Vista and making end users suffer (at least in betas) - this IS a hard and fast requirement for desktop users now. In other words, MS does not do anything in Windows until it's required hard and fast. Be it UAP, Aero Glass, new virtual GPU based DirectX, new security overhaul - it's all required hard and fast. NOT because some Unix guru or I said so - but because market demands it, and the market is not the smartest dude to follow but when I see those OS reviews complaining about "lack of security" in Windows because it encourages home users to work as root - I conclude that market wants UAP hard and fast, let's agree on that :-) I know it won't solve Vista's potential security problems but it will definitely make it more secure.